AMENDMENTS TO THE CLAIMS
Please amend the claims as follows: 

1. (Currently Amended) An intrusion secure personal computer system comprising:
a [[CPU]] central processing unit;
a data storage means;
a memory means;
a[[n]] primary operating system;

a virtual machine operating system providing an isolated secondary operating
environment functioning separate from the primary operating system and
controlling operations of the personal computer system within the isolated
secondary operating environment and

at least one input/output (I/O) connection in operative communication with an external
data source,

wherein the personal computer system is secured from malicious code contained in a file
downloaded from the external data source.

2. (Currently Amended) The computer system of claim 1, wherein the external data source is a
global computer network. 

3. (Canceled) 

4. (Currently Amended) The computer system of claim [[3]] 1, wherein the external data source
[[other than a global computer network]] is at least one external data source selected from the
group consisting of: a computer workstation, a personal-type computer, a computer dock, a
local area network, an intranet, and a wide area network.

5. (Currently Amended) The [[intrusion secure]] computer system of claim 1, wherein the virtual
machine operating system comprises software for defining a virtual machine environment in
memory and a virtual drive in storage, and operational control software limiting operative
communication with the external data source to the virtual machine environment and the
virtual machine drive.

6. (Currently Amended) A method for securing a personal computer system from intrusion
from an external data source comprising the steps of:

providing an intrusion secure personal computer system of claim 1;

initiating an external data source interface session, and wherein initiating the external
data source interface session caus[[es]]ing activation of a virtual machine operating
system of claim 1 and defin[[es]]ing a virtual machine environment in memory and a
virtual drive in storage; and

establishing connectivity with the external data source under control of the virtual
machine operating system to isolate operative communication with the external
data source to the virtual machine environment and the virtual drive to secure the
computer system from intrusion from the external data source.

7. (Currently Amended) A software application stored as executable instructions on a computer
readable medium and installable on a personal computer, [[the software protecting the
computer's primary data files from being accessed by malicious code from an external data
source, the software]] comprising:

executable instructions [[computer code]] for an isolated operating environment; and
executable instructions [[computer code]] for a secondary operating system functional
within the isolated operating environment on the personal computer,
wherein primary data files of the personal computer are prevented from being accessed
by malicious code from an external data source.

8. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] primary operating system
(POS) permission code for modifying the POS permissions.

9. (Currently Amended) The software application of claim 8, wherein the secondary operating
system executable instructions [[computer code]] include[[s]] primary operating system (POS)
permission code for modifying POS external data source related access permissions.

10. (Currently Amended) The software application of claim 9, [[wherein the secondary operating
system computer code includes POS permission code for modifying POS external data
source related access permissions,]] wherein the external data source is at least one source
selected from the group consisting of a network node, an external data device, and an I/O
device.

11. (Currently Amended) The software application of claim 8, wherein the secondary operating
system executable instructions [[computer code]] include[[s]] primary operating system (POS)
permission code for modifying POS internet related permissions.

12. (Currently Amended) The software application of claim 8, wherein the secondary operating
system executable instructions [[computer code]] include[[s]] primary operating system (POS)
permission code for modifying POS inet permissions.

13. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] installation code for
checking and setting the isolated operating environment.

14. (Currently Amended) The software application of claim 13, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] installation code for
checking and setting the isolated operating environment, wherein the installation code
checks for the current installation condition of the software application.

15. (Currently Amended) The software application of claim 14, [[wherein the isolated operating
environment computer code includes installation code for checking and setting the isolated
operating environment;]] wherein the installation code copies any files from the software
application as are necessary in view of the checking for the current installation condition of
the software application.

16. (Currently Amended) The software application of claim 14, [[wherein the isolated operating
environment computer code includes installation code for checking and setting the isolated
operating environment,]] wherein the installation code establishes short-cuts as are necessary
in view of the checking for the current installation condition of the software application.

17. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] code checking and setting
the isolated operating environment start up requirements.

18. (Currently Amended) The software application of claim 17, wherein [[the isolated operating
environment computer code includes code checking and setting]] the isolated operating
environment start up requirements [[regarding]] include "freshness" of the secondary operating
environment (SOE) files, allocation of volatile memory to the SOE, allocation of data
storage to the SOE, READ ONLY condition of the primary operating system partitions and
connections, status of intranet activity, READ ONLY condition of user access to primary
operating system partitions.

19. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] code checking and setting
the isolated operating environment runtime requirements.

20. (Currently Amended) The software application of claim 19, wherein [[the isolated operating
environment computer code includes code checking and setting]] the isolated operating
environment runtime requirements are set to provide at least two run modes.

21. (Currently Amended) The software application of claim 19, wherein [[the isolated operating
environment computer code includes code checking and setting]] the isolated operating
environment runtime requirements are set to provide at least a run mode with inet access and
a run mode without inet access.

22. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] code checking and setting
the isolated operating environment exit requirements.

23. (Currently Amended) The software application of claim [[22]] 7, wherein the isolated
operating environment executable instructions [[computer code]] include[[s]] code checking and
setting the isolated operating environment exit requirements [[includes]] comprising
disconnecting [[the]] a secondary operating environment (SOE) from [[the]] an inet closing [[the]]
a node interface, freeing [[the]] an SOE volatile memory allocation, flushing a [[the]] temporary
data storage allocation, disconnecting from any SOE files and partitions, refreshing SOE
boot file, and restor[[e]]ing an intranet connection.

24. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] code checking and setting
the isolated operating environment requirements.

25. (Currently Amended) The software application of claim 7, wherein the isolated operating
environment executable instructions [[computer code]] include[[s]] code checking and setting
the isolated operating environment requirements, including: allocating and connecting to a
region of volatile memory for a secondary operating environment (SOE), allocating and
connecting to a data storage space, providing a connection to a [[CPU]] central processing unit
of the personal computer, connecting to an external data source node, providing a connection
to a video card of the computer, providing a connection to a sound card of the computer,
providing a connection to a printer of the computer, providing a connection to a mouse and a
keyboard of the computer, and forming a network bridge between the secondary operating
system of the SOE and the primary operating system of the personal computer.

26. (Currently Amended) A security method for protecting a personal computer from malicious 
code derived from an external data source comprising the steps of: 

loading a software application installable on the personal computer, wherein the software
application [[for]] protecting the personal computer's primary data files from being
accessed by malicious code from [[an]] the external data source;

installing the software application on the personal computer, the installed application
defining an isolated operating environment including a secondary operating
system, the secondary operating system functioning in conjunction with and
separate from a primary operating system on the personal computer, and the
installed application defining primary operating system permission codes to limit
access to a node connectable to [[an]] the external data source to the isolated
operating environment under control of the secondary operating system;

initiating an external data source interface session via the node within the isolated
operating environment, and allocating a volatile memory space and a temporary
data storage space to the secondary operating system for the duration of the
session; and

establishing connectivity with the external data source via the node under control of the
secondary operating system to isolate operative communication with the external 
data source to the isolated operating environment, and protecting the personal 
computer from malicious code derived from the external data source. 